feat: policies on aggregates (#799)

* feat: move pw policy

* feat: default pw complexity policy

* fix: org password complexity policy

* fix: org password complexity policy

* fix: pw complexity policy with setup

* fix: age and lockout policies on aggregates

* fix: migration

* fix: org iam policy

* fix: org iam policy

* fix: org iam policy

* fix: tests

* fix: policy request

* fix: merge master

* fix(console): policies frontend (#817)

* fix policy build

* fix: age, complexity, lockout policies

* fix: ready return err of setup not done

* fix: fix remove policies in spoolers

* fix: fix remove policies in spoolers

* feat(console): policy settings for iam and org (#824)

* fix policy build

* fix: age, complexity, lockout policies

* fix pwd complexity

* policy remove action

* add imports

* fix accounts card, enable mgmt login policy

* lint

* add iam policy to admin

* toasts, i18n, show default

* routing, i18n

* reset policy, toast i18n, cleanup, routing

* policy delete permission

* lint style

* delete iam policy

* delete non project from grid list, i18n

* lint ts, style

* fix: remove instead delete

* feat(console): delete external idp from user (#835)

* dialog i18n, delete column and function

* dialog i18n

* fix rm button

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: revert env, rename policy, remove comments

* fix: lowercase sich

* fix: pr requests

* Update internal/iam/repository/eventsourcing/eventstore_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: tests

* fix: tests

* fix(console): policies (#839)

* fix: nil pointer on get userdata (#815)

* fix: external login (#818)

* fix: external login

* fix: external login

* feat(console): delete user (#819)

* add action col to user table, i18n

* delete user from detail component

* lint

* fix(console): cleanup user detail and member components, user/me redirect, permission guards, filter, org policy guard, user table, scss cleanup (#808)

* fix: remove user.write guard for filtering

* border color

* fix user routing from member tables

* idp detail layout

* generic contact component

* fix redirect to auth user, user grant disable

* disable policy action without permission, i18n

* user-create flex fix, contact ng-content

* rm unused styles

* sidenav divider

* lint

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console (#806)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v10.1.3...v10.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular/language-service from 10.1.3 to 10.1.4 in /console (#805)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular/language-service in /console

Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/10.1.4/packages/language-service)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console (#804)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console

Bumps [codelyzer](https://github.com/mgechev/codelyzer) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/mgechev/codelyzer/releases)
- [Changelog](https://github.com/mgechev/codelyzer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mgechev/codelyzer/commits/6.0.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular from 0.1000.8 to 0.1001.4 in /console (#803)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps-dev): bump @angular-devkit/build-angular in /console

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.8 to 0.1001.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console (#802)

* fix: user session with external login (#797)

* fix: user session with external login

* fix: tests

* fix: tests

* fix: change idp config name

* fix(container): stop copying / and instead only copy zitadel (#691)

* chore: stop copying / and instead only copy zitadel

* Update Dockerfile

* Update release.yml

* enable anchors debug

* fix(container): don't copy alpine content into scratch execpt pwd

* chore: remove need step

* merge master

* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console

Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.0 to 8.3.1.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.0...v8.3.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* create memberstable as common component

* iam member cleanup

* iam + org m table, user table service user avatar

* toast config

* fix selection emitter

* fix project grant table width

* project grant members refactor

* theme optimizations

* member table col delete

* lint

* fix table row color

* refactor grey color

* lint scss

* org list redirect on click, fix user table undef

* refresh table after grant add

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix(console): intercept navigator.language, set browser lang as default for user without explicit setting, user table outline, member create dialog import (#820)

* i18n interceptor, set language to browser lang

* nullcheck

* rm external idp log

* fix module imports, rm user displayname from i18n

* Update console/src/assets/i18n/de.json

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: delete external idps from users (#822)

* fix(console): permission regex, account switcher null check, restrict app and member create access (#821)

* fix member table disable, gerneal regexp

* fix user session card, app disable

* memberships max count

* fix policy permissions

* permission check for member add dialog

* lint

* rm accounts log

* rm id regex

* fix: handle usermemberships on project and project grant delete (#825)

* fix: go handler

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix: tests

* fix: not needed error handling

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>

internal/iam/model/iam.go

@@ -8,21 +8,27 @@ type Step int
 
 const (
 	Step1 Step = iota + 1
-	//TODO: label policy
-	// Step2
+	Step2
+	Step3
+	Step4
+	Step5
 	//StepCount marks the the length of possible steps (StepCount-1 == last possible step)
 	StepCount
 )
 
 type IAM struct {
 	es_models.ObjectRoot
-	GlobalOrgID        string
-	IAMProjectID       string
-	SetUpDone          Step
-	SetUpStarted       Step
-	Members            []*IAMMember
-	IDPs               []*IDPConfig
-	DefaultLoginPolicy *LoginPolicy
+	GlobalOrgID                     string
+	IAMProjectID                    string
+	SetUpDone                       Step
+	SetUpStarted                    Step
+	Members                         []*IAMMember
+	IDPs                            []*IDPConfig
+	DefaultLoginPolicy              *LoginPolicy
+	DefaultOrgIAMPolicy             *OrgIAMPolicy
+	DefaultPasswordComplexityPolicy *PasswordComplexityPolicy
+	DefaultPasswordAgePolicy        *PasswordAgePolicy
+	DefaultPasswordLockoutPolicy    *PasswordLockoutPolicy
 }
 
 func (iam *IAM) GetMember(userID string) (int, *IAMMember) {

internal/iam/model/org_iam_policy.go

@@ -0,0 +1,13 @@
+package model
+
+import (
+	"github.com/caos/zitadel/internal/eventstore/models"
+)
+
+type OrgIAMPolicy struct {
+	models.ObjectRoot
+
+	State                 PolicyState
+	UserLoginMustBeDomain bool
+	Default               bool
+}

internal/iam/model/org_iam_policy_view.go

@@ -0,0 +1,47 @@
+package model
+
+import (
+	"github.com/caos/zitadel/internal/model"
+	"time"
+)
+
+type OrgIAMPolicyView struct {
+	AggregateID           string
+	UserLoginMustBeDomain bool
+	IAMDomain             string
+	Default               bool
+
+	CreationDate time.Time
+	ChangeDate   time.Time
+	Sequence     uint64
+}
+
+type OrgIAMPolicySearchRequest struct {
+	Offset        uint64
+	Limit         uint64
+	SortingColumn OrgIAMPolicySearchKey
+	Asc           bool
+	Queries       []*OrgIAMPolicySearchQuery
+}
+
+type OrgIAMPolicySearchKey int32
+
+const (
+	OrgIAMPolicySearchKeyUnspecified OrgIAMPolicySearchKey = iota
+	OrgIAMPolicySearchKeyAggregateID
+)
+
+type OrgIAMPolicySearchQuery struct {
+	Key    OrgIAMPolicySearchKey
+	Method model.SearchMethod
+	Value  interface{}
+}
+
+type OrgIAMPolicySearchResponse struct {
+	Offset      uint64
+	Limit       uint64
+	TotalResult uint64
+	Result      []*OrgIAMPolicyView
+	Sequence    uint64
+	Timestamp   time.Time
+}

internal/iam/model/password_age_policy.go

@@ -0,0 +1,13 @@
+package model
+
+import (
+	"github.com/caos/zitadel/internal/eventstore/models"
+)
+
+type PasswordAgePolicy struct {
+	models.ObjectRoot
+
+	State          PolicyState
+	MaxAgeDays     uint64
+	ExpireWarnDays uint64
+}

internal/iam/model/password_age_policy_view.go

@@ -0,0 +1,47 @@
+package model
+
+import (
+	"github.com/caos/zitadel/internal/model"
+	"time"
+)
+
+type PasswordAgePolicyView struct {
+	AggregateID    string
+	MaxAgeDays     uint64
+	ExpireWarnDays uint64
+	Default        bool
+
+	CreationDate time.Time
+	ChangeDate   time.Time
+	Sequence     uint64
+}
+
+type PasswordAgePolicySearchRequest struct {
+	Offset        uint64
+	Limit         uint64
+	SortingColumn PasswordAgePolicySearchKey
+	Asc           bool
+	Queries       []*PasswordAgePolicySearchQuery
+}
+
+type PasswordAgePolicySearchKey int32
+
+const (
+	PasswordAgePolicySearchKeyUnspecified PasswordAgePolicySearchKey = iota
+	PasswordAgePolicySearchKeyAggregateID
+)
+
+type PasswordAgePolicySearchQuery struct {
+	Key    PasswordAgePolicySearchKey
+	Method model.SearchMethod
+	Value  interface{}
+}
+
+type PasswordAgePolicySearchResponse struct {
+	Offset      uint64
+	Limit       uint64
+	TotalResult uint64
+	Result      []*PasswordAgePolicyView
+	Sequence    uint64
+	Timestamp   time.Time
+}

internal/iam/model/password_complexity_policy.go

@@ -0,0 +1,32 @@
+package model
+
+import (
+	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/models"
+	"regexp"
+)
+
+var (
+	hasStringLowerCase = regexp.MustCompile(`[a-z]`).MatchString
+	hasStringUpperCase = regexp.MustCompile(`[A-Z]`).MatchString
+	hasNumber          = regexp.MustCompile(`[0-9]`).MatchString
+	hasSymbol          = regexp.MustCompile(`[^A-Za-z0-9]`).MatchString
+)
+
+type PasswordComplexityPolicy struct {
+	models.ObjectRoot
+
+	State        PolicyState
+	MinLength    uint64
+	HasLowercase bool
+	HasUppercase bool
+	HasNumber    bool
+	HasSymbol    bool
+}
+
+func (p *PasswordComplexityPolicy) IsValid() error {
+	if p.MinLength == 0 || p.MinLength > 72 {
+		return caos_errs.ThrowInvalidArgument(nil, "MODEL-Lsp0e", "Errors.User.PasswordComplexityPolicy.MinLengthNotAllowed")
+	}
+	return nil
+}

internal/iam/model/password_complexity_policy_view.go

@@ -0,0 +1,74 @@
+package model
+
+import (
+	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/model"
+	"time"
+)
+
+type PasswordComplexityPolicyView struct {
+	AggregateID  string
+	MinLength    uint64
+	HasLowercase bool
+	HasUppercase bool
+	HasNumber    bool
+	HasSymbol    bool
+	Default      bool
+
+	CreationDate time.Time
+	ChangeDate   time.Time
+	Sequence     uint64
+}
+
+type PasswordComplexityPolicySearchRequest struct {
+	Offset        uint64
+	Limit         uint64
+	SortingColumn PasswordComplexityPolicySearchKey
+	Asc           bool
+	Queries       []*PasswordComplexityPolicySearchQuery
+}
+
+type PasswordComplexityPolicySearchKey int32
+
+const (
+	PasswordComplexityPolicySearchKeyUnspecified PasswordComplexityPolicySearchKey = iota
+	PasswordComplexityPolicySearchKeyAggregateID
+)
+
+type PasswordComplexityPolicySearchQuery struct {
+	Key    PasswordComplexityPolicySearchKey
+	Method model.SearchMethod
+	Value  interface{}
+}
+
+type PasswordComplexityPolicySearchResponse struct {
+	Offset      uint64
+	Limit       uint64
+	TotalResult uint64
+	Result      []*PasswordComplexityPolicyView
+	Sequence    uint64
+	Timestamp   time.Time
+}
+
+func (p *PasswordComplexityPolicyView) Check(password string) error {
+	if p.MinLength != 0 && uint64(len(password)) < p.MinLength {
+		return caos_errs.ThrowInvalidArgument(nil, "MODEL-HuJf6", "Errors.User.PasswordComplexityPolicy.MinLength")
+	}
+
+	if p.HasLowercase && !hasStringLowerCase(password) {
+		return caos_errs.ThrowInvalidArgument(nil, "MODEL-co3Xw", "Errors.User.PasswordComplexityPolicy.HasLower")
+	}
+
+	if p.HasUppercase && !hasStringUpperCase(password) {
+		return caos_errs.ThrowInvalidArgument(nil, "MODEL-VoaRj", "Errors.User.PasswordComplexityPolicy.HasUpper")
+	}
+
+	if p.HasNumber && !hasNumber(password) {
+		return caos_errs.ThrowInvalidArgument(nil, "MODEL-ZBv4H", "Errors.User.PasswordComplexityPolicy.HasNumber")
+	}
+
+	if p.HasSymbol && !hasSymbol(password) {
+		return caos_errs.ThrowInvalidArgument(nil, "MODEL-ZDLwA", "Errors.User.PasswordComplexityPolicy.HasSymbol")
+	}
+	return nil
+}

internal/iam/model/password_complexity_policy_view_test.go

@@ -0,0 +1,197 @@
+package model
+
+import (
+	"testing"
+)
+
+func TestCheckPasswordComplexityPolicy(t *testing.T) {
+	type args struct {
+		policy   *PasswordComplexityPolicyView
+		password string
+	}
+	tests := []struct {
+		name     string
+		args     args
+		hasError bool
+	}{
+		{
+			name: "has minlength ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: false,
+					HasUppercase: false,
+					HasSymbol:    false,
+					HasNumber:    false,
+					MinLength:    10,
+				},
+				password: "password12",
+			},
+			hasError: false,
+		},
+		{
+			name: "has minlength not ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: false,
+					HasUppercase: false,
+					HasSymbol:    false,
+					HasNumber:    false,
+					MinLength:    10,
+				},
+				password: "password",
+			},
+			hasError: true,
+		},
+		{
+			name: "has lowercase ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: true,
+					HasUppercase: false,
+					HasSymbol:    false,
+					HasNumber:    false,
+					MinLength:    0,
+				},
+				password: "password",
+			},
+			hasError: false,
+		},
+		{
+			name: "has lowercase not ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: true,
+					HasUppercase: false,
+					HasSymbol:    false,
+					HasNumber:    false,
+					MinLength:    0,
+				},
+				password: "PASSWORD",
+			},
+			hasError: true,
+		},
+		{
+			name: "has uppercase ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: false,
+					HasUppercase: true,
+					HasSymbol:    false,
+					HasNumber:    false,
+					MinLength:    0,
+				},
+				password: "PASSWORD",
+			},
+			hasError: false,
+		},
+		{
+			name: "has uppercase not ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: false,
+					HasUppercase: true,
+					HasSymbol:    false,
+					HasNumber:    false,
+					MinLength:    0,
+				},
+				password: "password",
+			},
+			hasError: true,
+		},
+		{
+			name: "has symbol ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: false,
+					HasUppercase: false,
+					HasSymbol:    true,
+					HasNumber:    false,
+					MinLength:    0,
+				},
+				password: "!G$",
+			},
+			hasError: false,
+		},
+		{
+			name: "has symbol not ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: false,
+					HasUppercase: false,
+					HasSymbol:    true,
+					HasNumber:    false,
+					MinLength:    0,
+				},
+				password: "PASSWORD",
+			},
+			hasError: true,
+		},
+		{
+			name: "has number ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: false,
+					HasUppercase: false,
+					HasSymbol:    false,
+					HasNumber:    true,
+					MinLength:    0,
+				},
+				password: "123456",
+			},
+			hasError: false,
+		},
+		{
+			name: "has number not ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: false,
+					HasUppercase: false,
+					HasSymbol:    false,
+					HasNumber:    true,
+					MinLength:    0,
+				},
+				password: "PASSWORD",
+			},
+			hasError: true,
+		},
+		{
+			name: "has everything ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: true,
+					HasUppercase: true,
+					HasSymbol:    true,
+					HasNumber:    true,
+					MinLength:    10,
+				},
+				password: "Password1!",
+			},
+			hasError: false,
+		},
+		{
+			name: "has everything not ok",
+			args: args{
+				policy: &PasswordComplexityPolicyView{
+					HasLowercase: true,
+					HasUppercase: true,
+					HasSymbol:    true,
+					HasNumber:    true,
+					MinLength:    10,
+				},
+				password: "password",
+			},
+			hasError: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := tt.args.policy.Check(tt.args.password)
+			if !tt.hasError && err != nil {
+				t.Errorf("should not get err: %v", err)
+			}
+			if tt.hasError && err == nil {
+				t.Errorf("should have error: %v", err)
+			}
+		})
+	}
+}

internal/iam/model/password_lockout_policy.go

@@ -0,0 +1,13 @@
+package model
+
+import (
+	"github.com/caos/zitadel/internal/eventstore/models"
+)
+
+type PasswordLockoutPolicy struct {
+	models.ObjectRoot
+
+	State               PolicyState
+	MaxAttempts         uint64
+	ShowLockOutFailures bool
+}

internal/iam/model/password_lockout_policy_view.go

@@ -0,0 +1,47 @@
+package model
+
+import (
+	"github.com/caos/zitadel/internal/model"
+	"time"
+)
+
+type PasswordLockoutPolicyView struct {
+	AggregateID         string
+	MaxAttempts         uint64
+	ShowLockOutFailures bool
+	Default             bool
+
+	CreationDate time.Time
+	ChangeDate   time.Time
+	Sequence     uint64
+}
+
+type PasswordLockoutPolicySearchRequest struct {
+	Offset        uint64
+	Limit         uint64
+	SortingColumn PasswordLockoutPolicySearchKey
+	Asc           bool
+	Queries       []*PasswordLockoutPolicySearchQuery
+}
+
+type PasswordLockoutPolicySearchKey int32
+
+const (
+	PasswordLockoutPolicySearchKeyUnspecified PasswordLockoutPolicySearchKey = iota
+	PasswordLockoutPolicySearchKeyAggregateID
+)
+
+type PasswordLockoutPolicySearchQuery struct {
+	Key    PasswordLockoutPolicySearchKey
+	Method model.SearchMethod
+	Value  interface{}
+}
+
+type PasswordLockoutPolicySearchResponse struct {
+	Offset      uint64
+	Limit       uint64
+	TotalResult uint64
+	Result      []*PasswordLockoutPolicyView
+	Sequence    uint64
+	Timestamp   time.Time
+}